Today is the second Tuesday of the month, and that can only mean one thing: it"s Patch Tuesday, the day that Microsoft releases new updates for all supported versions of Windows.
First up is KB4284835, which brings the build number to 17134.112, and it"s for those on the Windows 10 April 2018 Update, or version 1803. You can manually download it here, and it contains the following fixes:
Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren"t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
Addresses an issue in which the 2017 and 2018 versions of Intuit QuickBooks can"t run in multi-user mode on Windows 10 1803 devices. Users will now be offered Windows 10, version 1803.
Adds support for the SameSite cookie web standard to Microsoft Edge and Internet Explorer.
Addresses an issue with Internet Explorer that prevents it from using an updated version of location services.
Addresses an issue that causes certain games to fail to show dialogs when connected to monitors that support interlaced display formats.
Addresses an issue with the brightness controls on some laptops after updating to the Windows 10 April 2018 Update.
Addresses a reliability issue in which the GameBar may fail to launch.
Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled, but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:
Temporarily suspending BitLocker.
Immediately installing firmware updates before the next OS startup.
Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
Addresses an issue that caused the system to start up to a black screen. This issue occurs because previous updates to the Spring Creators Update were incompatible with specific versions of PC tune-up utilities after installation.
Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows shell, Windows kernel, Windows Server, Windows storage and filesystems, Windows wireless networking, remote code execution, and Windows virtualization and kernel.
There is also a known issue to be aware of:
Symptom | Workaround |
---|---|
Some users running Windows 10 version 1803 may receive an error "An invalid argument was supplied" when accessing files or running programs from a shared folder using the SMBv1 protocol. | Enable SMBv2 or SMBv3 on both the SMB server and the SMB client, as described in KB2696547. Microsoft is working on a resolution that will be available later in June. |
If your PC is running the Windows 10 Fall Creators Update, or version 1709, you"ll see KB4284819. It brings the build number to 16299.492, and can be manually downloaded here. Here"s what got fixed:
Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren"t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
Includes additional performance improvements.
Addresses an issue in Microsoft Edge that causes incorrect responses to XML requests.
Adds support for the SameSite cookie web standard to Microsoft Edge and Internet Explorer.
Addresses an issue with Internet Explorer that prevents it from using an updated version of location services.
Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled, but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:
Temporarily suspending BitLocker.
Immediately installing firmware updates before the next OS startup.
Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows shell, Windows storage and filesystems, Windows app platform and frameworks, Windows virtualization and kernel, Windows wireless networking, and Windows Server.
This update includes a couple of known issues:
Symptom | Workaround |
---|---|
Some non-English platforms may display the following string in English instead of the localized language: ”Reading scheduled jobs from file is not supported in this language mode.” This error appears when you try to read the scheduled jobs you"ve created and Device Guard is enabled | Microsoft is working on a resolution and will provide an update in an upcoming release. |
When Device Guard is enabled, some non-English platforms may display the following strings in English instead of the localized language:
| Microsoft is working on a resolution and will provide an update in an upcoming release. |
For PCs and phones that are on the Windows 10 Creators Update, or version 1703, you"ll get KB4284874. It brings the build number to 15063.1155, can be manually downloaded here, and contains the following fixes:
Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See AMD Architecture Guidelines for Indirect Branch Controland AMD Security Updates for more details). For Windows client (IT pro) guidance, follow the instructions in KB4073119. Use this guidance document to enable IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren"t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
Includes additional performance improvements.
Addresses a mobile-only issue where enterprise files could be saved as personal files even though the Windows Information Protection policy is enabled on the device.
Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled, but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:
Temporarily suspending BitLocker.
Immediately installing firmware updates before the next OS startup.
Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
Addresses an issue where booting with Unified Write Filter (UWF) turned on may lead to stop error 0xE1 in embedded devices, particularly when using a USB hub.
Increased the Internet Explorer cookie limit from 50 to better align with industry standards.
Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows Server, Windows wireless networking, Windows storage and filesystems, Windows app platform and frameworks, and Windows virtualization and kernel.
There are no known issues with this update.
Next up is KB4284880, which is for PCs and phones that are on the Windows 10 Anniversary Update, or version 1607. You can manually download it here, and it brings the build number to 14393.2312. Here"s what got fixed:
Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren"t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
Includes additional performance improvements.
Addresses an issue where booting with Unified Write Filter and a connected USB hub may lead to stop error E1.
Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled but Secure Boot is disabled or not present. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:
Temporarily suspending BitLocker.
Immediately installing firmware updates before the next OS startup.
Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
Permits a band-capable disk that has only one partition, which is an MSR partition, to convert to a dynamic disk.
Increased the Internet Explorer cookie limit from 50 to better align with industry standards.
Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows Desktop Bridge, Windows apps, Windows datacenter networking, Windows wireless networking, Windows Server, Windows virtualization and kernel, and Windows app platform and frameworks.
There"s also a known issue to be aware of:
Symptom | Workaround |
---|---|
Reliability issues have been observed during the creation of shielded VMs and the required artifacts for their deployment. There are also reliability issues for the Shielding File Wizard with or without the SCVMM interface. Note: Existing shielded VMs and HGSs are not affected. | Microsoft is working on a resolution and will provide an update in an upcoming release. |
You might recall that last month, there was no cumulative update for Windows 10 version 1511. The version is unsupported, and it was the first Patch Tuesday when any version of Windows 10 didn"t receive an update. That"s also the case this month, although it hasn"t stopped Windows 10 version 1507 from receiving a cumulative update.
Devices on the original version of Windows 10 will see KB4284860, and that brings the build number to 10240.17889. It can be manually downloaded here, and it contains the following fixes:
Provides support to control usage of Indirect Branch Prediction Barrier (IBPB) on some AMD processors (CPUs) for mitigating CVE-2017-5715, Spectre Variant 2 when switching from user context to kernel context. (See AMD Architecture Guidelines for Indirect Branch Controland AMD Security Updates for more details). For Windows client (IT pro) guidance, follow the instructions in KB4073119. Use this guidance document to enable IBPB on some AMD processors (CPUs) for mitigating Spectre Variant 2 when switching from user context to kernel context.
Provides protections from an additional subclass of speculative execution side channel vulnerability known as Speculative Store Bypass (CVE-2018-3639). These protections aren"t enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. Use this guidance document to enable mitigations for Speculative Store Bypass (CVE-2018-3639) in addition to the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).
Includes additional performance improvements.
Addresses an issue that sometimes prevents eDrives from unlocking when an eDrive is a secondary drive and the system drive is protected with BitLocker.
Addresses an issue where firmware updates cause devices to go into BitLocker recovery mode when BitLocker is enabled but Secure Boot isn"t present or disabled. This update prevents firmware installation on devices in this state. Administrators can install firmware updates by:
Temporarily suspending BitLocker.
Immediately installing firmware updates before the next OS startup.
Immediately restarting the device so that BitLocker doesn’t remain in the suspended state.
Addresses an issue where booting with Unified Write Filter (UWF) enabled may lead to stop error 0xE1 on embedded devices, particularly when using a USB hub.
Increased the Internet Explorer cookie limit from 50 to better align with industry standards
Security updates to Internet Explorer, Microsoft Edge, Microsoft scripting engine, Windows apps, Windows Server, Windows wireless networking, Windows storage and filesystem, remote code execution, and Windows virtualization and kernel.
This update does not include any known issues.
You can always download updates by using Windows Update, although keep in mind that unless you"re actively deferring feature updates, hitting that "Check for updates" button will bring you onto Windows 10 version 1803.